
CVE-2018-25031: Spoofing attack in swagger-ui

CVSS Score
4.3 (CVSS v3.1)

Basic Information

EPSS Score
0.99187%
Published
3/12/2022
Updated
8/1/2024
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Package Name
swagger-ui
Ecosystem
npm
Vulnerable Versions
< 4.1.3
First Patched Version
4.1.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from Swagger UI's handling of URL query parameters before v4.1.3: configuration values, including the `url` parameter that selects which OpenAPI definition the UI loads and displays, were taken from the page URL without validation. The key commit in GHSA-cr3q-pqgq-m8c2 (#7697) introduced a `queryConfigEnabled` flag that disables this behaviour by default, which indicates the core issue was in the functions that process URL parameters during configuration setup. Exact function names and paths are not shown in the available resources, but the pattern matches configuration-initialization logic that would apply URL parameters such as `url` without validation.

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
